Class AccessPoliciesClient (2.23.0)

AccessPoliciesClient(
    *,
    credentials: typing.Optional[google.auth.credentials.Credentials] = None,
    transport: typing.Optional[
        typing.Union[
            str,
            google.cloud.iam_v3beta.services.access_policies.transports.base.AccessPoliciesTransport,
            typing.Callable[
                [...],
                google.cloud.iam_v3beta.services.access_policies.transports.base.AccessPoliciesTransport,
            ],
        ]
    ] = None,
    client_options: typing.Optional[
        typing.Union[google.api_core.client_options.ClientOptions, dict]
    ] = None,
    client_info: google.api_core.gapic_v1.client_info.ClientInfo = google.api_core.gapic_v1.client_info.ClientInfo
)

Manages Identity and Access Management (IAM) access policies.

Properties

api_endpoint

Return the API endpoint used by the client instance.

Returns
Type	Description
`str`	The API endpoint used by the client instance.

transport

Returns the transport used by the client instance.

Returns
Type	Description
`AccessPoliciesTransport`	The transport used by the client instance.

universe_domain

Return the universe domain used by the client instance.

Returns
Type	Description
`str`	The universe domain used by the client instance.

Methods

AccessPoliciesClient

AccessPoliciesClient(
    *,
    credentials: typing.Optional[google.auth.credentials.Credentials] = None,
    transport: typing.Optional[
        typing.Union[
            str,
            google.cloud.iam_v3beta.services.access_policies.transports.base.AccessPoliciesTransport,
            typing.Callable[
                [...],
                google.cloud.iam_v3beta.services.access_policies.transports.base.AccessPoliciesTransport,
            ],
        ]
    ] = None,
    client_options: typing.Optional[
        typing.Union[google.api_core.client_options.ClientOptions, dict]
    ] = None,
    client_info: google.api_core.gapic_v1.client_info.ClientInfo = google.api_core.gapic_v1.client_info.ClientInfo
)

Instantiates the access policies client.

Parameters
Name	Description
`credentials`	`Optional[google.auth.credentials.Credentials]` The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.
`transport`	`Optional[Union[str,AccessPoliciesTransport,Callable[..., AccessPoliciesTransport]]]` The transport to use, or a Callable that constructs and returns a new transport. If a Callable is given, it will be called with the same set of initialization arguments as used in the AccessPoliciesTransport constructor. If set to None, a transport is chosen automatically.
`client_options`	`Optional[Union[google.api_core.client_options.ClientOptions, dict]]` Custom options for the client. 1. The `api_endpoint` property can be used to override the default endpoint provided by the client when `transport` is not explicitly provided. Only if this property is not set and `transport` was not explicitly provided, the endpoint is determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment variable, which have one of the following values: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto-switch to the default mTLS endpoint if client certificate is present; this is the default value). 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the `client_cert_source` property can be used to provide a client certificate for mTLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used. 3. The `universe_domain` property can be used to override the default "googleapis.com" universe. Note that the `api_endpoint` property still takes precedence; and `universe_domain` is currently not supported for mTLS.
`client_info`	`google.api_core.gapic_v1.client_info.ClientInfo` The client info used to send a user-agent string along with API requests. If `None`, then default info will be used. Generally, you only need to set this if you're developing your own client library.

Exceptions
Type	Description
`google.auth.exceptions.MutualTLSChannelError`	If mutual TLS transport creation failed for any reason.

exit

__exit__(type, value, traceback)

Releases underlying transport's resources.

access_policy_path

access_policy_path(organization: str, location: str, access_policy: str) -> str

Returns a fully-qualified access_policy string.

common_billing_account_path

common_billing_account_path(billing_account: str) -> str

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str) -> str

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str) -> str

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str) -> str

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str) -> str

Returns a fully-qualified project string.

create_access_policy

create_access_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.CreateAccessPolicyRequest,
            dict,
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    access_policy: typing.Optional[
        google.cloud.iam_v3beta.types.access_policy_resources.AccessPolicy
    ] = None,
    access_policy_id: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.api_core.operation.Operation

Creates an access policy, and returns a long running operation.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_create_access_policy():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.CreateAccessPolicyRequest(
        parent="parent_value",
        access_policy_id="access_policy_id_value",
    )

    # Make the request
    operation = client.create_access_policy(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.CreateAccessPolicyRequest, dict]` The request object. Request message for CreateAccessPolicy method.
`parent`	`str` Required. The parent resource where this access policy will be created. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}` This corresponds to the `parent` field on the `request` instance; if `request` is provided, this should not be set.
`access_policy`	`google.cloud.iam_v3beta.types.AccessPolicy` Required. The access policy to create. This corresponds to the `access_policy` field on the `request` instance; if `request` is provided, this should not be set.
`access_policy_id`	`str` Required. The ID to use for the access policy, which will become the final component of the access policy's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /`a-z][a-z0-9-.]`{2,62}/. This value must be unique among all access policies with the same parent. This corresponds to the `access_policy_id` field on the `request` instance; if `request` is provided, this should not be set.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`google.api_core.operation.Operation`	An object representing a long-running operation. The result type for the operation will be AccessPolicy An IAM access policy resource.

delete_access_policy

delete_access_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.DeleteAccessPolicyRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.api_core.operation.Operation

Deletes an access policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_delete_access_policy():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.DeleteAccessPolicyRequest(
        name="name_value",
    )

    # Make the request
    operation = client.delete_access_policy(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.DeleteAccessPolicyRequest, dict]` The request object. Request message for DeleteAccessPolicy method.
`name`	`str` Required. The name of the access policy to delete. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` This corresponds to the `name` field on the `request` instance; if `request` is provided, this should not be set.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns

Type Description

google.api_core.operation.Operation An object representing a long-running operation. The result type for the operation will be google.protobuf.empty_pb2.Empty A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
Name	Description
`filename`	`str` The path to the service account private key json file.

Returns
Type	Description
`AccessPoliciesClient`	The constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
Name	Description
`info`	`dict` The service account private key info.

Returns
Type	Description
`AccessPoliciesClient`	The constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
Name	Description
`filename`	`str` The path to the service account private key json file.

Returns
Type	Description
`AccessPoliciesClient`	The constructed client.

get_access_policy

get_access_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.GetAccessPolicyRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iam_v3beta.types.access_policy_resources.AccessPolicy

Gets an access policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_get_access_policy():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.GetAccessPolicyRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_access_policy(request=request)

    # Handle the response
    print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.GetAccessPolicyRequest, dict]` The request object. Request message for GetAccessPolicy method.
`name`	`str` Required. The name of the access policy to retrieve. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` This corresponds to the `name` field on the `request` instance; if `request` is provided, this should not be set.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`google.cloud.iam_v3beta.types.AccessPolicy`	An IAM access policy resource.

get_mtls_endpoint_and_cert_source

get_mtls_endpoint_and_cert_source(
    client_options: typing.Optional[
        google.api_core.client_options.ClientOptions
    ] = None,
)

Deprecated. Return the API endpoint and client cert source for mutual TLS.

The client cert source is determined in the following order: (1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None. (2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.

The API endpoint is determined in the following order: (1) if client_options.api_endpoint if provided, use the provided one. (2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.

More details can be found at https://google.aip.dev/auth/4114.

Parameter
Name	Description
`client_options`	`google.api_core.client_options.ClientOptions` Custom options for the client. Only the `api_endpoint` and `client_cert_source` properties may be used in this method.

Exceptions
Type	Description
`google.auth.exceptions.MutualTLSChannelError`	If any errors happen.

Returns
Type	Description
`Tuple[str, Callable[[], Tuple[bytes, bytes]]]`	returns the API endpoint and the client cert source to use.

get_operation

get_operation(
    request: typing.Optional[
        typing.Union[google.longrunning.operations_pb2.GetOperationRequest, dict]
    ] = None,
    *,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.longrunning.operations_pb2.Operation

Gets the latest state of a long-running operation.

Parameters
Name	Description
`request`	`.operations_pb2.GetOperationRequest` The request object. Request message for `GetOperation` method.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`.operations_pb2.Operation`	An `Operation` object.

list_access_policies

list_access_policies(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.ListAccessPoliciesRequest,
            dict,
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iam_v3beta.services.access_policies.pagers.ListAccessPoliciesPager

Lists access policies.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_list_access_policies():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.ListAccessPoliciesRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_access_policies(request=request)

    # Handle the response
    for response in page_result:
        print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.ListAccessPoliciesRequest, dict]` The request object. Request message for ListAccessPolicies method.
`parent`	`str` Required. The parent resource, which owns the collection of access policy resources. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}` This corresponds to the `parent` field on the `request` instance; if `request` is provided, this should not be set.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`google.cloud.iam_v3beta.services.access_policies.pagers.ListAccessPoliciesPager`	Response message for ListAccessPolicies method. Iterating over this object will yield results and resolve additional pages automatically.

parse_access_policy_path

parse_access_policy_path(path: str) -> typing.Dict[str, str]

Parses a access_policy path into its component segments.

parse_common_billing_account_path

parse_common_billing_account_path(path: str) -> typing.Dict[str, str]

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str) -> typing.Dict[str, str]

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str) -> typing.Dict[str, str]

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str) -> typing.Dict[str, str]

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str) -> typing.Dict[str, str]

Parse a project path into its component segments.

parse_policy_binding_path

parse_policy_binding_path(path: str) -> typing.Dict[str, str]

Parses a policy_binding path into its component segments.

policy_binding_path

policy_binding_path(organization: str, location: str, policy_binding: str) -> str

Returns a fully-qualified policy_binding string.

search_access_policy_bindings

search_access_policy_bindings(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.SearchAccessPolicyBindingsRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> (
    google.cloud.iam_v3beta.services.access_policies.pagers.SearchAccessPolicyBindingsPager
)

Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_search_access_policy_bindings():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.SearchAccessPolicyBindingsRequest(
        name="name_value",
    )

    # Make the request
    page_result = client.search_access_policy_bindings(request=request)

    # Handle the response
    for response in page_result:
        print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.SearchAccessPolicyBindingsRequest, dict]` The request object. Request message for SearchAccessPolicyBindings rpc.
`name`	`str` Required. The name of the access policy. Format: `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` This corresponds to the `name` field on the `request` instance; if `request` is provided, this should not be set.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`google.cloud.iam_v3beta.services.access_policies.pagers.SearchAccessPolicyBindingsPager`	Response message for SearchAccessPolicyBindings rpc. Iterating over this object will yield results and resolve additional pages automatically.

update_access_policy

update_access_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.iam_v3beta.types.access_policies_service.UpdateAccessPolicyRequest,
            dict,
        ]
    ] = None,
    *,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.api_core.operation.Operation

Updates an access policy.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iam_v3beta

def sample_update_access_policy():
    # Create a client
    client = iam_v3beta.AccessPoliciesClient()

    # Initialize request argument(s)
    request = iam_v3beta.UpdateAccessPolicyRequest(
    )

    # Make the request
    operation = client.update_access_policy(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)

Parameters
Name	Description
`request`	`Union[google.cloud.iam_v3beta.types.UpdateAccessPolicyRequest, dict]` The request object. Request message for UpdateAccessPolicy method.
`retry`	`google.api_core.retry.Retry` Designation of what errors, if any, should be retried.
`timeout`	`float` The timeout for this request.
`metadata`	`Sequence[Tuple[str, Union[str, bytes]]]` Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type `str`, but for metadata keys ending with the suffix `-bin`, the corresponding values must be of type `bytes`.

Returns
Type	Description
`google.api_core.operation.Operation`	An object representing a long-running operation. The result type for the operation will be AccessPolicy An IAM access policy resource.